Monthly archives for 7 2015

Information strace the binary at /home/flag15/flag15 and see if you spot anything out of the ordinary. You may wish to review how to “compile a shared library in linux” and how the libraries are loaded and processed by reviewing the dlopen manpage in depth. Clean up after yourself 🙂 To do this level, log in ...

Information This program resides in /home/flag14/flag14. It encrypts input and writes it to standard output. An encrypted token file is also in that home directory, decrypt it 🙂 To do this level, log in as the level14 account with the password level14. Files for this level can be found in /home/flag14. Solution In this level, ...

Information There is a security check that prevents the program from continuing execution if the user invoking it does not match a specific user id. To do this level, log in as the level13 account with the password level13. Files for this level can be found in /home/flag13. Source code Solution The program above requests ...

Information There is a backdoor process listening on port 50001. To do this level, log in as the level12 account with the password level12. Files for this level can be found in /home/flag12. Source code Solution The code above contains a command injection. I can control the password variable. It is used to ...

Information The /home/flag11/flag11 binary processes standard input and executes a shell command. There are two ways of completing this level, you may wish to do both 🙂 To do this level, log in as the level11 account with the password level11. Files for this level can be found in /home/flag11. Source code Solution In this ...

nebula – level10 Information The setuid binary at /home/flag10/flag10 binary will upload any file given, as long as it meets the requirements of the access() system call. To do this level, log in as the level10 account with the password level10. Files for this level can be found in /home/flag10. Source code Solution This challenge ...

Information There’s a C setuid wrapper for some vulnerable PHP code… To do this level, log in as the level09 account with the password level09. Files for this level can be found in /home/flag09. Source code Solution The description told me that there is a binary setuid wrapper which executes php code. As usual, I ...

Information World readable files strike again. Check what that user was up to, and use it to log into flag08 account. To do this level, log in as the level08 account with the password level08. Files for this level can be found in /home/flag08. Solution The description says “World readable file strike” I guess the ...

Information The flag07 user was writing their very first perl program that allowed them to ping hosts to see if they were reachable from the web server. To do this level, log in as the level07 account with the password level07. Files for this level can be found in /home/flag07. Source code Solution I started ...

Information The flag06 account credentials came from a legacy unix system. To do this level, log in as the level06 account with the password level06. Files for this level can be found in /home/flag06. Solution The description says “The flag06 account credentials came from a legacy unix system.” Which made me think I need to ...